CVE-2019-10197: smbd: split change_to_user_impersonate() out of change_to_user_internal()
commit 661a7cdb0aba2c94332ff7b997023ad040aa4f7c
author Stefan Metzmacher <metze@samba.org>
Thu, 11 Jul 2019 15:02:15 +0000 (11 17:02 +0200)
committer Karolin Seeger <kseeger@samba.org>
Tue, 27 Aug 2019 11:16:24 +0000 (27 13:16 +0200)
tree 8f1d96ae3c25c2a50d0fb8e43c4e09c6bca7fe5d
parent 962d4a98b50a3ce1d58ebc516e8de9335a14dfdb

This makes sure we always call chdir_current_service() even
when we still impersonated the user, which is important
in order to run the SMB* request within the correct working directory
and only if the user has permissions to enter that directory.

It makes sure we always update conn->lastused_count
in chdir_current_service() for each request.

Note that vfs_ChDir() (called from chdir_current_service())
maintains its own cache and avoids calling SMB_VFS_CHDIR()
if possible.

It means we still avoid syscalls if we get multiple requests
for the same session/tcon tuple.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14035

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
selftest/knownfail.d/CVE-2019-10197 [deleted file]
source3/smbd/uid.c
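
The control flow the commit message describes, as an added C model that is not Samba's code and not part of this commit: every identifier (`struct conn`, `model_chdir_service`, `change_to_user_before`, `change_to_user_after`) and the path `/srv/a` are constructed for illustration. It contrasts an early return on a cached impersonation, which skips the directory step, with the split form where the directory step runs on every request and a working-directory cache still avoids repeat syscalls.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed model, NOT Samba source: every name here is hypothetical. */
struct conn { const char *connectpath; bool user_may_enter; int lastused_count; };
static const struct conn *current_conn; /* cached impersonation (session/tcon) */
static const char *cwd = "/";           /* simulated working directory */
static int chdir_syscalls;              /* simulated chdir() syscalls issued */
static void model_reset(void) { current_conn = NULL; cwd = "/"; chdir_syscalls = 0; }

/* Directory step: counts the request, then the cwd cache skips the syscall if
 * the process is already there; otherwise the permission check applies. */
static bool model_chdir_service(struct conn *c)
{
    c->lastused_count++;
    if (strcmp(cwd, c->connectpath) == 0) return true;  /* cache hit */
    chdir_syscalls++;
    if (!c->user_may_enter) return false;               /* simulated EACCES */
    cwd = c->connectpath;
    return true;
}

/* "Before" shape: an identity cache hit returns early, so the directory step
 * and its permission check never run for this request. */
static bool change_to_user_before(struct conn *c)
{
    if (current_conn == c) return true;
    current_conn = c;                    /* stand-in for the impersonation */
    return model_chdir_service(c);
}

/* "After" shape: impersonation may be skipped, the directory step never is. */
static bool change_to_user_after(struct conn *c)
{
    if (current_conn != c) current_conn = c;
    return model_chdir_service(c);
}

int main(void)
{
    struct conn a = { "/srv/a", true, 0 };
    model_reset(); change_to_user_before(&a);
    cwd = "/"; a.user_may_enter = false;  /* constructed: state changed between requests */
    printf("before: request allowed = %d\n", change_to_user_before(&a));
    model_reset(); a.user_may_enter = true; change_to_user_after(&a);
    cwd = "/"; a.user_may_enter = false;
    printf("after:  request allowed = %d\n", change_to_user_after(&a));
    return 0;
}
```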